漏洞 - 第716页-OGeek|极客世界-中国程序员成长平台

OGeek|极客世界-中国程序员成长平台 › 门户 ›漏洞

漏洞

RSS

下级分类:

CVE漏洞

CVE-2021-0144

Insecure default variable initialization for the Intel BSSA DFT feature may allow a privileged user to potentially enable an escalation of privilege via local access.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE漏洞

CVE-2020-20231

Mikrotik RouterOs through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL poi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-0417

In setNiNotification of GpsNetInitiatedHandler.java, there is a possible permissions bypass due to an empty mutable PendingIntent. This could lead to local escalation of privilege with User execution ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：31 | 回复：0
CVE漏洞

CVE-2019-11098

Insufficient input validation in MdeModulePkg in EDKII may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical acc ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-24116

In wolfSSL through 4.6.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel an ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-35469

The Lexmark Printer Software G2, G3 and G4 Installation Packages have a local escalation of privilege vulnerability due to a registry entry that has an unquoted service path.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-33689

When user with insufficient privileges tries to access any application in SAP NetWeaver Administrator (Administrator applications), version - 7.50, no security audit log is created. Therefore, securit ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-33687

SAP NetWeaver AS JAVA (Enterprise Portal), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50 reveals sensitive information in one of their HTTP requests, an attacker can use this in conjunction with other ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-33684

SAP NetWeaver AS ABAP and ABAP Platform, versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 8.04, 7.21, 7. ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：42 | 回复：0
CVE漏洞

CVE-2021-33683

SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRN ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-33682

SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to st ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：44 | 回复：0
CVE漏洞

CVE-2021-33681

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes out of bounds write and causes the application to crash and becomi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：30 | 回复：0
CVE漏洞

CVE-2021-33680

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated CGM file received from untrusted sources which causes buffer overflow and causes the application to crash and becoming t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE漏洞

CVE-2021-33678

A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged att ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：40 | 回复：0
CVE漏洞

CVE-2021-33677

SAP NetWeaver ABAP Server and ABAP Platform, versions - 700, 702, 730, 731, 804, 740, 750, 784, expose functions to external which can lead to information disclosure.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：39 | 回复：0
CVE漏洞

CVE-2021-33676

A missing authority check in SAP CRM, versions - 700, 701, 702, 712, 713, 714, could be leveraged by an attacker with high privileges to compromise confidentiality, integrity, or availability of the s ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0
CVE漏洞

CVE-2021-33671

SAP NetWeaver Guided Procedures (Administration Workset), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for an authenticated user, resulting in escalat ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-33670

SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby c ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：48 | 回复：0
CVE漏洞

CVE-2021-33667

Under certain conditions, SAP Business Objects Web Intelligence (BI Launchpad) versions - 420, 430, allows an attacker to access jsp source code, through SDK calls, of Analytical Reporting bundle, a p ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-25953

Prototype pollution vulnerability in 'putil-merge' versions1.0.0 through 3.6.6 allows attacker to cause a denial of service and may lead to remote code execution.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-22318

A component of the HarmonyOS 2.0 has a Null Pointer Dereference Vulnerability. Local attackers may exploit this vulnerability to cause system denial of service.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：28 | 回复：0
CVE漏洞

CVE-2021-36374

When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. Thi ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：33 | 回复：0
CVE漏洞

CVE-2021-36373

When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used t ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：35 | 回复：0
CVE漏洞

CVE-2021-20784

HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecif ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：32 | 回复：0
CVE漏洞

CVE-2021-20782

Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors.……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：41 | 回复：0
CVE漏洞

CVE-2021-20781

Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authentic ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：37 | 回复：0
CVE漏洞

CVE-2021-20748

Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an exter ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-20747

Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lead ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：37 | 回复：0
CVE漏洞

CVE-2020-19722

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a direct copy to NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：27 | 回复：0
CVE漏洞

CVE-2020-19721

A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：45 | 回复：0
CVE漏洞

CVE-2020-19720

An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE漏洞

CVE-2020-19719

A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 leads to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：36 | 回复：0
CVE漏洞

CVE-2020-19718

An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：42 | 回复：0
CVE漏洞

CVE-2020-19717

An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bento 1.5.1-628 causes a NULL pointer dereference, leading to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE漏洞

CVE-2020-19716

A buffer overflow vulnerability in the Databuf function in types.cpp of Exiv2 v0.27.1 leads to a denial of service (DOS).……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：43 | 回复：0
CVE漏洞

CVE-2020-19715

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-13110 Reason: This candidate is a duplicate of CVE-2019-13110. Notes: All CVE users should reference CVE-2019-13110 instead of this ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：26 | 回复：0
CVE漏洞

CVE-2021-32755

Wire is a collaboration platform. wire-ios-transport handles authentication of requests, network failures, and retries for the iOS implementation of Wire. In the 3.82 version of the iOS application, a ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：34 | 回复：0
CVE漏洞

CVE-2021-22000

VMware Thinapp version 5.x prior to 5.2.10 contain a DLL hijacking vulnerability due to insecure loading of DLLs. A malicious actor with non-administrative privileges may exploit this vulnerability to ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：25 | 回复：0
CVE漏洞

CVE-2021-21995

OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds ...……

作者：菜鸟教程小白 | 时间：2022-2-5 11:25 | 阅读：29 | 回复：0